The Cybersecurity Performance Goals (CPGs) have received an update from the Cybersecurity and Infrastructure Security Agency (CISA).
Released in October last year, the CPGs are voluntary cybersecurity practices aimed at helping businesses and critical infrastructure owners protect themselves against cyber threats. The updated version has been reorganized, reordered, and renumbered to align more closely with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) functions.
The new organization aims to help organizations prioritize their investments and build a comprehensive cybersecurity program around the CSF.
The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices. The practices are aimed at helping critical infrastructure owners and operators reduce the likelihood and impact of known risks and adversary techniques. The goals were developed based on existing cybersecurity frameworks and guidance, as well as the real-world threats and adversary tactics, techniques, and procedures observed by CISA and its partners.
By implementing these goals, owners and operators can not only reduce risks to critical infrastructure operations but also to the American people.
The updated CPGs have been informed by stakeholders from the government and industry partners.
The new version is aimed at improving the ease of use of the CPGs and ensuring that the practices align with the CSF functions. Organizations can use the CPGs to prioritize their cybersecurity investments and build a more comprehensive cybersecurity program around the CSF.
CISA encourages organizations to implement the CPGs voluntarily to protect themselves and their customers against cyber threats.
In conclusion, the CISA has released an updated version of the Cybersecurity Performance Goals (CPGs) to help organizations protect themselves against cyber threats. The new version has been reorganized, reordered, and renumbered to align more closely with the NIST Cybersecurity Framework (CSF) functions.
The CPGs are a prioritized subset of IT and OT cybersecurity practices aimed at reducing the likelihood and impact of known risks and adversary techniques. The updated version is informed by stakeholders from government and industry partners and is aimed at improving ease of use and ensuring that the practices align with the CSF functions.
Organizations can use the CPGs to prioritize their cybersecurity investments and build a comprehensive cybersecurity program around the CSF.
